U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

WP Super Cache Cross-Site Scripting (XSS) Vulnerability

WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system.

Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update to version 1.4.4 if affected.

Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV

Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.

Available updates include:

  • OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.2
  • iOS 8.3 for iPhones 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Apple TV 7.2 for Apple TV 3rd generation and later

US-CERT encourages users and administrators to review Apple security updates HT204659, HT204661, HT204658, and HT204662, and apply the necessary updates.

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition.

Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and update to NTP 4.2.8p2 if necessary.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top